Yarn v2/v3 zero-install file permissions are changed #6081
Comments
|
Are you still seeing this behavior @agrobbin? Before closing the previous issue I had deployed the changes discussed there where we are now using |
|
@pavera unfortunately I'm still seeing the changes in some Dependabot PRs issued this morning. |
|
Some but not all? That would seem to indicate that our detection of zero installs is non-deterministic somehow. If we detect zero-install (by the presence of a .pnp.cjs file in the repo) we use |
|
Sorry, what I meant to say was "in all Dependabot PRs issued this morning". My use of the word "some" was meant to indicate that I got several Dependabot PRs, all of which had this issue. Sorry for the confusion! |
|
OK, so |
|
No problem! Please let me know if there is anything I can do to help debut the issue further. |
jeffwidman
added
T: bug 🐞
pavera
added
L: javascript:yarn
|
I've found the issue here, we set the mode on all files as part of the PR creation. Working on a solution now. |
|
I've deployed the fix for this and verified it works in our test repos. Closing this issue, but if this is still occurring please reopen. |
|
Thanks @pavera! I will confirm the next time Dependabot updates a Yarn dependency. |
|
@pavera just to confirm, this seems to have done the trick! Really appreciate all of your follow-up work on Yarn Berry Dependabot support. |
|
@pavera I'm sorry to resurrect this issue, but I have started seeing this issue again on one of my repositories. I haven't been able to deduce a pattern, yet, but if there's anything I can do to help debug it, please let me know! |
When doing zero-installs on Yarn v2/v3, the
.pnp.cjsfile permission is changed by Dependabot from755to644.@pavera to ensure this subtle bug is not lost, I thought it'd make sense to create a separate issue for it.
Originally posted by @agrobbin in #5946 (comment)
The text was updated successfully, but these errors were encountered: